EE rushes to fix broadband box security risk

Network provider EE will push out an emergency upgrade to its broadband customers after a security flaw was discovered by a UK researcher.

The flaw affects the Brightbox broadband router, as well as the newer Brightbox 2 model.

Scott Helme said the vulnerability made "remote access" to EE's routers possible.

The problem affects customers who have either the Brightbox 1 or 2 router in their homes.

EE described the threat as "moderate", but plans to send out an automatic upgrade before the end of this month.

Any broadband customer who has signed up to EE since early 2012 is affected, as are earlier customers who upgraded their routers, the company told the BBC.

It has not specified how many of its customers will need the upgrade, but the BBC understands it to be in the region of 350,000.

In a statement, EE said: "We treat all security matters seriously, and while no personal data will be compromised by the device itself, we would like to reassure customers that we are working on a service update which we plan to issue shortly, and which will remotely and automatically update customers' Brightboxes with enhanced security protection."

Scott Helme, the security researcher who first discovered the flaws, told El Reg the latest update resolves two of the three most serious problems he found.

Brightbox routers are supplied by EE to its broadband and fibre customers. But Helme discovered vulnerabilities that exposed WPA encryption keys, passwords and users' ISP credentials.

Worse yet, flaws with the technology created a means for hackers to change a router's DNS settings in order to intercept a target's internet traffic.

Sensitive data, including Wi-Fi SSIDs and WPA2 keys, is stored in a file called cgi_status.js that can be accessed without logging into the Brightbox routers, which were made by Taiwan-based manufacturer Arcadyan.

As with many items of consumer networking equipment, the root cause of the problem stemmed from a failure to build security into the router's design. Confidential information was accessible remotely as the result of a cross-site request forgery flaw involving the router's admin panel.
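The two design failures described above (a status file served without a login, and admin requests accepted without proof that they came from the admin panel) are modelled below beside a corrected handler. This is an added example, not EE's or Arcadyan's firmware code; the URL paths, the `/set_dns` endpoint, the handler names and all sample values are assumptions constructed for illustration.

```python
import hmac
import secrets

# Constructed stand-ins: the article gives only the file name cgi_status.js.
STATUS_PATH = "/cgi_status.js"   # assumed URL path
DNS_PATH = "/set_dns"            # hypothetical settings endpoint
STATUS_JS = 'var ssid="EXAMPLE-SSID"; var wpa_key="constructed-key";'
CONFIG = {"dns": "192.0.2.53"}
SESSIONS = {}                    # session id -> per-session CSRF token


def login():
    """Model a successful admin login: issue a session id and a CSRF token."""
    sid, token = secrets.token_hex(16), secrets.token_hex(16)
    SESSIONS[sid] = token
    return sid, token


def vulnerable_handle(method, path, session=None, form=None):
    """Flawed pattern: status file needs no login, settings change needs no token."""
    if method == "GET" and path == STATUS_PATH:
        return 200, STATUS_JS
    if method == "POST" and path == DNS_PATH and session in SESSIONS:
        CONFIG["dns"] = form["dns"]   # a forged cross-site POST rides the cookie
        return 200, "ok"
    return 404, ""


def hardened_handle(method, path, session=None, form=None):
    """Every admin resource needs a session; every change needs its CSRF token."""
    token = SESSIONS.get(session)
    if token is None:
        return 401, ""
    if method == "GET" and path == STATUS_PATH:
        return 200, STATUS_JS
    if method == "POST" and path == DNS_PATH:
        supplied = (form or {}).get("csrf", "")
        if not hmac.compare_digest(supplied.encode(), token.encode()):
            return 403, ""            # browser sent the cookie, but no valid token
        CONFIG["dns"] = form["dns"]
        return 200, "ok"
    return 404, ""
```

The hardened handler rejects the unauthenticated file request with 401 and the token-less settings change with 403, which are the two responses an owner would expect to see when testing a patched device of this kind.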

Helme, an EE customer, carried out his research because of his interest in information security. As many as 700,000 EE customers in the UK were left exposed to attack as a result of the security shortcomings of the kit they use to connect to the internet.